Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216030.roa
File:                     AS216030.roa (raw, json)
Hash identifier:          usf5KIKmq5Ulxr5quBaREyLkp+nCs1n88XIUWsfv48I=
Subject key identifier:   66:82:68:43:4D:E8:E0:00:0A:EF:22:F8:1A:2A:D3:18:0F:F5:92:C2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       250ED63BE239386F863D26587731FFF85B909910
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216030.roa
Signing time:             Thu 31 Jul 2025 03:54:13 +0000
ROA not before:           Thu 31 Jul 2025 03:49:13 +0000
ROA not after:            Thu 30 Jul 2026 03:54:13 +0000
asID:                     216030
IP address blocks:        191.101.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:0e:d6:3b:e2:39:38:6f:86:3d:26:58:77:31:ff:f8:5b:90:99:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 31 03:49:13 2025 GMT
            Not After : Jul 30 03:54:13 2026 GMT
        Subject: CN=668268434DE8E0000AEF22F81A2AD3180FF592C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f0:2d:0d:f7:21:54:10:3a:cd:7c:db:22:17:
                    15:1d:4b:b0:0e:3f:27:ea:e3:2c:39:66:8f:ef:bf:
                    c7:5e:0b:65:6d:74:07:34:f3:23:94:19:f9:39:23:
                    63:78:d4:9a:a9:42:72:9e:7e:d7:ed:8f:e4:e8:eb:
                    9f:fa:c6:92:b1:b5:af:45:65:da:85:17:97:27:05:
                    ea:3b:6f:e5:8f:3e:ab:b2:f7:9d:80:27:16:87:76:
                    a7:68:d8:dc:83:de:f7:e8:e1:8c:f2:28:04:b9:b2:
                    d0:ee:b5:32:0f:bd:25:c9:3b:d2:8a:dd:21:90:9c:
                    1c:5d:e1:c9:a2:30:53:c1:35:99:15:93:de:b4:95:
                    65:98:2d:9f:66:48:19:e2:a2:ef:06:e9:56:8a:5c:
                    2d:a3:2e:0c:81:91:a5:53:83:49:84:63:8b:76:68:
                    c5:52:c5:c9:51:59:06:b9:2f:33:31:fd:ea:db:d2:
                    16:9f:a7:6d:82:62:f5:fb:a5:f8:cb:09:da:be:33:
                    9b:9a:44:0f:f7:8f:99:2a:ef:23:9b:8e:db:95:d4:
                    2c:e1:46:36:be:df:fd:61:e1:ab:ac:21:19:68:1e:
                    2c:2f:46:12:1b:e8:52:36:31:a5:3a:7a:2f:4e:27:
                    e7:e4:fc:4c:1b:96:e7:65:aa:c2:a1:88:6f:3e:5a:
                    8c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:82:68:43:4D:E8:E0:00:0A:EF:22:F8:1A:2A:D3:18:0F:F5:92:C2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:3f:50:c0:50:f1:1e:92:f3:b3:83:a4:83:b6:d2:eb:dc:bf:
         8e:9f:e9:22:60:85:5e:44:50:eb:02:df:14:36:2e:24:2a:b4:
         43:7b:db:24:29:8c:64:40:be:2a:fd:8f:63:cf:13:87:6a:ea:
         4f:dd:39:4e:7b:24:96:a0:98:6e:57:3f:5a:ec:68:ab:3e:60:
         f3:d4:5e:8c:7c:bb:59:4c:fb:a4:2e:b8:b7:f2:1c:f6:60:20:
         7b:ec:61:98:99:30:06:1a:96:1a:35:7d:1d:58:6d:ee:a9:1a:
         d9:f0:4f:92:a4:8c:4b:69:97:68:fc:59:a0:36:d9:6c:93:d6:
         5f:ee:9b:e5:fa:cd:2b:c5:87:4f:d6:87:93:d9:82:4d:1c:5a:
         2f:5d:0b:79:f1:38:c9:b8:b5:4b:6c:ba:d0:67:40:60:5c:71:
         6d:27:d7:7e:bf:26:c0:35:c7:65:a8:7b:d4:56:77:8f:5a:af:
         16:7e:77:bc:ea:a3:97:22:29:51:34:29:27:72:3c:7d:43:7e:
         4c:2f:d9:7b:f1:30:2c:af:f5:7c:3d:e9:28:37:48:f7:6e:b2:
         a2:09:8e:c5:42:35:b2:37:e0:b3:76:80:f7:1c:86:6c:50:0c:
         b1:b1:f9:85:b5:80:52:db:e5:b2:d4:49:07:85:b7:05:fe:51:
         f9:b4:59:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJQ7WO+I5OG+GPSZYdzH/+FuQmRAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MzEwMzQ5MTNaFw0yNjA3MzAwMzU0MTNaMDMxMTAvBgNV
BAMTKDY2ODI2ODQzNERFOEUwMDAwQUVGMjJGODFBMkFEMzE4MEZGNTkyQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj8C0N9yFUEDrNfNsiFxUdS7AO
Pyfq4yw5Zo/vv8deC2VtdAc08yOUGfk5I2N41JqpQnKeftftj+To65/6xpKxta9F
ZdqFF5cnBeo7b+WPPquy952AJxaHdqdo2NyD3vfo4YzyKAS5stDutTIPvSXJO9KK
3SGQnBxd4cmiMFPBNZkVk960lWWYLZ9mSBniou8G6VaKXC2jLgyBkaVTg0mEY4t2
aMVSxclRWQa5LzMx/erb0hafp22CYvX7pfjLCdq+M5uaRA/3j5kq7yObjtuV1Czh
Rja+3/1h4ausIRloHiwvRhIb6FI2MaU6ei9OJ+fk/EwbludlqsKhiG8+WozRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZoJoQ03o4AAK7yL4GirTGA/1ksIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2MDMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2X7
MA0GCSqGSIb3DQEBCwUAA4IBAQAmP1DAUPEekvOzg6SDttLr3L+On+kiYIVeRFDr
At8UNi4kKrRDe9skKYxkQL4q/Y9jzxOHaupP3TlOeySWoJhuVz9a7GirPmDz1F6M
fLtZTPukLri38hz2YCB77GGYmTAGGpYaNX0dWG3uqRrZ8E+SpIxLaZdo/FmgNtls
k9Zf7pvl+s0rxYdP1oeT2YJNHFovXQt58TjJuLVLbLrQZ0BgXHFtJ9d+vybANcdl
qHvUVnePWq8Wfne86qOXIilRNCkncjx9Q35ML9l78TAsr/V8PekoN0j3brKiCY7F
QjWyN+CzdoD3HIZsUAyxsfmFtYBS2+Wy1EkHhbcF/lH5tFm8
-----END CERTIFICATE-----